This is a cumulative patch that includes the functionality of all previously released patches for IE 5.01, 5.5 and IE 6. In addition, it eliminates the following two newly discovered vulnerabilities:

- A vulnerability in the zone determination function that could allow a script embedded in a cookie to be run in the Local Computer zone. While HTML scripts can be stored in cookies, they should be handled in the same zone as the hosting site associated with them, in most cases the Internet zone. An attacker could place script in a cookie that would be saved to the user's hard disk. When the cookie was opened by the site the script would then run in the Local Computer zone, allowing it to run with fewer restrictions than it would otherwise have.

To Arne: Are you sure about CookiePal and Danish?I use IE5SP2 German under 98SE and IE6 English under XP. Both with the latest patches. It works.Did you see the latest CookiePal version 1.7b?Under "Configure" there are two new options:

It is 1.7d. And it is completely useless. I can view and delete the cookies in my folder, but CookiePal has no control over what comes in anymore. I wrote about it to the company but have heard nothing.

I finally fixed my problem. In my despiration I downloaded this *** patch again. This time for the English version of IE6, which I do not have, and installed it. I wanted to try this before I went to one of my other machines and copy the files involved from there. And after a few protests from my machine, CookiePal works again. Nice, but now I have a mix of English and Danish, but who cares?

Cookie Pal now has the Windows XP look and feel when running on Windows XP. Cookie Pal now provides built in support for the Danish version of Internet Explorer 6. Opera privacy settings are not modified by Cookie Pal if the user has chosen not to monitor the Opera browser for cookies. Bug Fixes

Expiration dates for non-English versions of Internet Explorer could be incorrectly interpreted as session cookies.